MDVSA-2013:237

Problem description

Multiple security issues was identified and fixed in mozilla firefox:

Mozilla developers identified and fixed several memory safety
bugs in the browser engine used in Firefox and other Mozilla-based
products. Some of these bugs showed evidence of memory corruption under
certain circumstances, and we presume that with enough effort at least
some of these could be exploited to run arbitrary code (CVE-2013-1719).

Security researcher Abhishek Arya (Inferno) of the Google Chrome
Security Team used the Address Sanitizer tool to discover a
use-after-free problem in the Animation Manager during the cloning
of stylesheets. This can lead to a potentially exploitable crash
(CVE-2013-1722).

Mozilla community member Ms2ger found a mechanism where a new
Javascript object with a compartment is uninitialized could be entered
through web content. When the scope for this object is called, it
leads to a potentially exploitable crash (CVE-2013-1725).

Security researcher Sachin Shinde reported that moving certain
XBL-backed nodes from a document into the replacement document created
by document.open() can cause a JavaScript compartment mismatch which
can often lead to exploitable conditions (CVE-2013-1730).

Security researcher Nils reported two potentially exploitable memory
corruption bugs involving scrolling. The first was a use-after-free
condition due to scrolling an image document. The second was due to
nodes in a range request being added as children of two different
parents (CVE-2013-1735, CVE-2013-1736).

Mozilla developer Boris Zbarsky reported that user-defined getters on
DOM proxies would incorrectly get the expando object as this. It is
unlikely that this is directly exploitable but could lead to JavaScript
client or add-on code making incorrect security sensitive decisions
based on hacker supplied values (CVE-2013-1737).

Additionally a problem was found and fixed in the python-virtualenv
packages which is also being provided with this advisory.

The mozilla firefox packages has been upgraded to the latest ESR
version (17.0.9) which is unaffected by these security flaws.